Juniper Netscreen Idp - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

Configuring dsms
Juniper NetScreen IDP

A STRM NetScreen IDP DSM accepts NetScreen IDP events using syslog. STRM
records all relevant NetScreen IDP events. To integrate STRM with a Juniper
NetScreen IDP device, you must:

- Configure the IDP Sensor
- Configure STRM to collect IDP events

Configuring the IDP Sensor

To configure the IDP Sensor to send logs to a syslog server:

Step 1  Log in to the Juniper NSM interface.
Step 2  In NSM, edit the IDP device.
Step 3  Select Report Settings.
Step 4  Select Enable Syslog.
Step 5  Enter the Syslog Server STRM IP address.
Step 6  Click OK.
Step 7  Use Update Device to load the new settings onto the Sensor.

The format of the syslog message sent by the IDP Sensor is as follows:

<day id>, <record id>, <timeReceived>, <timeGenerated>,
<domain>, <domainVersion>, <deviceName>, <deviceIpAddress>,
<category>, <subcategory>, <src zone>, <src intface>, <src addr>,
<src port>, <nat src addr>, <nat src port>, <dstzone>,
<dst intface>, <dst addr>, <dst port>, <nat dst addr>,
<nat dst port>, <protocol>, <rule domain>, <rule domainVersion>,
<policyname>, <rulebase>, <rulenumber>, <action>, <severity>,
<is alert>, <elapsed>, <bytes in>, <bytes out>, <bytestotal>,
<packet in>, <packet out>, <packet total>, <repeatCount>,
<hasPacketData>, <varData Enum>, <misc-str>, <user str>,
<application str>, <uri str>
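
A parser for the record layout above, as an added example (not code from the manual or from Juniper). It assumes the comma-separated payload has already been separated from the syslog header and that no field except the final <uri str> contains a comma; the sample record and its value formats are constructed for illustration.

```python
import ipaddress

# Field names copied, in order, from the format shown on this page.
FIELDS = [
    "day id", "record id", "timeReceived", "timeGenerated",
    "domain", "domainVersion", "deviceName", "deviceIpAddress",
    "category", "subcategory", "src zone", "src intface", "src addr",
    "src port", "nat src addr", "nat src port", "dstzone",
    "dst intface", "dst addr", "dst port", "nat dst addr",
    "nat dst port", "protocol", "rule domain", "rule domainVersion",
    "policyname", "rulebase", "rulenumber", "action", "severity",
    "is alert", "elapsed", "bytes in", "bytes out", "bytestotal",
    "packet in", "packet out", "packet total", "repeatCount",
    "hasPacketData", "varData Enum", "misc-str", "user str",
    "application str", "uri str",
]
ADDR_FIELDS = ("deviceIpAddress", "src addr", "dst addr")
PORT_FIELDS = ("src port", "dst port")


def parse_idp_record(payload):
    """Map one comma-separated IDP payload onto the documented field names."""
    # maxsplit keeps any extra commas inside the final <uri str> field, so a
    # comma in a request URI cannot shift the columns before it.
    parts = [p.strip() for p in payload.split(",", len(FIELDS) - 1)]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for name in ADDR_FIELDS:
        ipaddress.ip_address(rec[name])  # raises ValueError if malformed
    for name in PORT_FIELDS:
        rec[name] = int(rec[name])
        if not 0 <= rec[name] <= 65535:
            raise ValueError(f"{name} out of range: {rec[name]}")
    return rec


# Constructed sample payload (not captured from a real sensor).
SAMPLE = (
    "20080410, 1234, 2008/04/10 12:00:01, 2008/04/10 12:00:00, global, 0, "
    "idp-sensor-1, 192.0.2.10, attack, example-signature, untrust, eth1, "
    "198.51.100.7, 40312, 0.0.0.0, 0, trust, eth2, 192.0.2.80, 80, 0.0.0.0, 0, "
    "TCP, global, 0, example-policy, IDS, 3, drop, major, yes, 0, 512, 0, 512, "
    "4, 0, 4, 1, no, 0, none, none, HTTP, /index.php?a=1,b=2"
)
```

Rejecting records with the wrong field count, rather than padding or truncating them, keeps a malformed message from being stored with values under the wrong field names.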